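name: Docker for Data Migrations

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

# Builds the data-migrations image from packages/database/Dockerfile, pushes
# it to the container registry and signs the pushed image with cosign
# (keyless, via the workflow's OIDC token).
on:
  workflow_dispatch:
  push:
    tags:
      - "v*"

env:
  # Use docker.io for Docker Hub if empty
  REGISTRY: ghcr.io
  IMAGE_NAME: formbricks/data-migrations
  # NOTE(review): this value is passed to the build as a build-arg below.
  # Build args are recorded in the image metadata and history, so it must stay
  # a non-secret placeholder (it looks like a local default - confirm). A real
  # connection string needed at build time belongs in the `secrets` input of
  # docker/build-push-action, not here.
  DATABASE_URL: "postgresql://postgres:postgres@postgres:5432/formbricks?schema=public"

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
      # This is used to complete the identity challenge
      # with sigstore/fulcio when running outside of PRs.
      id-token: write

    steps:
      # NOTE(review): the actions referenced by a version tag below (@v3, @v5)
      # are mutable references. This job holds `packages: write` and
      # `id-token: write`, so pin each one to a full commit SHA, as is already
      # done for sigstore/cosign-installer.
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Install cosign
        if: github.event_name != 'pull_request'
        uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 # v3.1.1
        with:
          cosign-release: "v2.1.1"

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=ref,event=tag
            type=raw,value=${{ github.ref_name }}

      # The step id exposes the pushed image digest to the signing step.
      - name: Build and push Docker image
        id: build-and-push
        uses: docker/build-push-action@v3
        with:
          context: .
          file: ./packages/database/Dockerfile
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          build-args: |
            DATABASE_URL=${{ env.DATABASE_URL }}

      # Sign by digest, not by tag: a tag is mutable, so signing
      # `image:tag` can attach the signature to whatever the tag points at
      # when cosign resolves it, not necessarily the image built above.
      # Values reach the script through environment variables instead of
      # `${{ }}` interpolation, so a crafted ref name cannot alter the
      # shell command.
      - name: Sign the published Docker image
        if: ${{ github.event_name != 'pull_request' }}
        env:
          DIGEST: ${{ steps.build-and-push.outputs.digest }}
        run: |
          cosign sign --yes "${REGISTRY}/${IMAGE_NAME}@${DIGEST}"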